Weekly Vulnerabilities Reports > June 17 to 23, 2024
Overview
360 new vulnerabilities were reported during this period, including 48 critical vulnerabilities and 109 high severity vulnerabilities. This weekly summary reports vulnerabilities in 168 products from 141 vendors including Linux, Absolute, Oretnom23, Janobe, and Opencart. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Missing Authorization", "NULL Pointer Dereference", and "Use After Free".
- 251 reported vulnerabilities are remotely exploitable.
- 137 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 125 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 94 reported vulnerabilities.
- Janobe has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
48 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-06-21 | CVE-2024-6240 | Parallels | Improper Privilege Management vulnerability in Parallels Desktop Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. | 10.0 |
2024-06-19 | CVE-2024-5853 | | The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. | 9.9 |
2024-06-23 | CVE-2024-6268 | Lahirudanushka | SQL Injection vulnerability in Lahirudanushka School Management System 1.0/1.0.1 A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. | 9.8 |
2024-06-23 | CVE-2024-6266 | Pearadmin | SQL Injection vulnerability in Pearadmin Pear Admin Boot A vulnerability classified as critical has been found in Pear Admin Boot up to 2.0.2. | 9.8 |
2024-06-22 | CVE-2024-6253 | Kevinwong | SQL Injection vulnerability in Kevinwong Online Food Ordering System 1.0 A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical. | 9.8 |
2024-06-21 | CVE-2024-6241 | Pearadmin | SQL Injection vulnerability in Pearadmin Pear Admin Boot A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. | 9.8 |
2024-06-21 | CVE-2023-38389 | Artbees | Incorrect Authorization vulnerability in Artbees Jupiter X Core Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JupiterX Core: from n/a through 3.3.8. | 9.8 |
2024-06-21 | CVE-2023-45197 | Adminerevo | Unrestricted Upload of File with Dangerous Type vulnerability in Adminerevo The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. | 9.8 |
2024-06-21 | CVE-2024-5756 | Icegram | SQL Injection vulnerability in Icegram Express The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-06-21 | CVE-2024-6218 | Adrianmercurio | SQL Injection vulnerability in Adrianmercurio Vehicle Management System 1.0 A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. | 9.8 |
2024-06-21 | CVE-2024-6213 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0 A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. | 9.8 |
2024-06-20 | CVE-2024-6193 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Vehicle Management System Project in PHP and Mysql With Source Code 1.0 A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. | 9.8 |
2024-06-20 | CVE-2024-6194 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Tailoring Management System in PHP With Source Code 1.0 A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. | 9.8 |
2024-06-20 | CVE-2024-6195 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Tailoring Management System in PHP With Source Code 1.0 A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. | 9.8 |
2024-06-20 | CVE-2024-6196 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Banking Management System Project in PHP 1.0 A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. | 9.8 |
2024-06-20 | CVE-2024-6190 | Angeljudesuarez | SQL Injection vulnerability in Angeljudesuarez Farm Management System 1.0 A vulnerability was found in itsourcecode Farm Management System 1.0. | 9.8 |
2024-06-20 | CVE-2024-6191 | Angeljudesuarez | SQL Injection vulnerability in Angeljudesuarez Student Management System 1.0 A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. | 9.8 |
2024-06-20 | CVE-2024-6192 | Angeljudesuarez | SQL Injection vulnerability in Angeljudesuarez Loan Management System 1.0 A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. | 9.8 |
2024-06-20 | CVE-2024-4098 | | The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. | 9.8 |
2024-06-20 | CVE-2024-6113 | Janobe | SQL Injection vulnerability in Janobe Monbela Tourist INN Online Reservation System 1.0 A vulnerability was found in itsourcecode Monbela Tourist Inn Online Reservation System 1.0. | 9.8 |
2024-06-20 | CVE-2024-3605 | Thimpress | SQL Injection vulnerability in Thimpress WP Hotel Booking The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-06-20 | CVE-2024-5432 | Webinane | Improper Authentication vulnerability in Webinane Lifeline Donation The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. | 9.8 |
2024-06-19 | CVE-2024-36678 | Promokit | SQL Injection vulnerability in Promokit PK Themesettings 1.8.8 In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
2024-06-19 | CVE-2024-36684 | Prestashop | SQL Injection vulnerability in Prestashop PK Customlinks In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
2024-06-19 | CVE-2022-45832 | Hennessey | Missing Authorization vulnerability in Hennessey Attorney Missing Authorization vulnerability in Hennessey Digital Attorney. This issue affects Attorney: from n/a through 3. | 9.8 |
2024-06-19 | CVE-2023-36515 | Thimpress | Missing Authorization vulnerability in Thimpress Learnpress Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.3. | 9.8 |
2024-06-19 | CVE-2023-36684 | Brainstormforce | Missing Authorization vulnerability in Brainstormforce Convert PRO Missing Authorization vulnerability in Brainstorm Force Convert Pro. This issue affects Convert Pro: from n/a through 1.7.5. | 9.8 |
2024-06-19 | CVE-2023-48760 | Crocoblock | Missing Authorization vulnerability in Crocoblock Jetelements Missing Authorization vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13. | 9.8 |
2024-06-19 | CVE-2024-3229 | | The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. | 9.8 |
2024-06-18 | CVE-2024-6116 | Clivedelacruz | Unrestricted Upload of File with Dangerous Type vulnerability in Clivedelacruz Simple Online Hotel Reservation System 1.0 A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. | 9.8 |
2024-06-18 | CVE-2024-6111 | Janobe | SQL Injection vulnerability in Janobe Pool of Bethesda Online Reservation System 1.0 A vulnerability classified as critical has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. | 9.8 |
2024-06-18 | CVE-2024-6112 | Janobe | SQL Injection vulnerability in Janobe Pool of Bethesda Online Reservation System 1.0 A vulnerability classified as critical was found in itsourcecode Pool of Bethesda Online Reservation System 1.0. | 9.8 |
2024-06-18 | CVE-2024-6114 | Janobe | Unrestricted Upload of File with Dangerous Type vulnerability in Janobe Monbela Tourist INN Online Reservation System 1.0 A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. | 9.8 |
2024-06-18 | CVE-2024-6115 | Clivedelacruz | Unrestricted Upload of File with Dangerous Type vulnerability in Clivedelacruz Simple Online Hotel Reservation System 1.0 A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. | 9.8 |
2024-06-18 | CVE-2024-6110 | Janobe | Unrestricted Upload of File with Dangerous Type vulnerability in Janobe Magbanua Beach Resort Online Reservation System 1.0 A vulnerability was found in itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0. | 9.8 |
2024-06-18 | CVE-2024-37079 | Vmware | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. | 9.8 |
2024-06-18 | CVE-2024-37080 | Vmware | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. | 9.8 |
2024-06-18 | CVE-2024-6084 | Janobe | Unrestricted Upload of File with Dangerous Type vulnerability in Janobe Pool of Bethesda Online Reservation System 1.0 A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. | 9.8 |
2024-06-18 | CVE-2024-6083 | Phpvibe | Unrestricted Upload of File with Dangerous Type vulnerability in PHPvibe 11.0.46 A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. | 9.8 |
2024-06-17 | CVE-2024-6067 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Music Class Enrollment System 1.0 A vulnerability classified as critical was found in SourceCodester Music Class Enrollment System 1.0. | 9.8 |
2024-06-17 | CVE-2023-37058 | Unionman | Unspecified vulnerability in Unionman Jlink Ax1800 Firmware 1.0 Insecure Permissions vulnerability in JLINK Unionman Technology Co. | 9.8 |
2024-06-17 | CVE-2024-6065 | Janobe | SQL Injection vulnerability in Janobe Bakery Online Ordering System 1.0 A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. | 9.8 |
2024-06-17 | CVE-2024-6066 | Mayurik | SQL Injection vulnerability in Mayurik Best House Rental Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. | 9.8 |
2024-06-17 | CVE-2024-6047 | | Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. | 9.8 |
2024-06-17 | CVE-2024-6043 | Mayurik | SQL Injection vulnerability in Mayurik Best House Rental Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. | 9.8 |
2024-06-17 | CVE-2024-6042 | Angeljudesuarez | SQL Injection vulnerability in Angeljudesuarez Real Estate Management System 1.0 A vulnerability was found in itsourcecode Real Estate Management System 1.0. | 9.8 |
2024-06-19 | CVE-2024-5021 | | The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. | 9.3 |
2024-06-20 | CVE-2024-5182 | Mudler | Path Traversal vulnerability in Mudler Localai A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. | 9.1 |
109 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-06-21 | CVE-2024-35778 | Slideshow SE Project | Path Traversal vulnerability in Slideshow SE Project Slideshow SE Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion. This issue affects Slideshow SE: from n/a through 2.5.17. | 8.8 |
2024-06-21 | CVE-2022-43453 | Billminozzi | Missing Authorization vulnerability in Billminozzi WP Tools Missing Authorization vulnerability in Bill Minozzi WP Tools. This issue affects WP Tools: from n/a through 3.41. | 8.8 |
2024-06-21 | CVE-2022-45803 | Gutenbergforms | Missing Authorization vulnerability in Gutenbergforms Gutenberg Forms Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms. This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3. | 8.8 |
2024-06-21 | CVE-2023-51375 | Wpdeveloper | Missing Authorization vulnerability in Wpdeveloper Embedpress Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.8.3. | 8.8 |
2024-06-21 | CVE-2024-37118 | Uncannyowl | Cross-Site Request Forgery (CSRF) vulnerability in Uncannyowl Uncanny Automator Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro. This issue affects Uncanny Automator Pro: from n/a through 5.3. | 8.8 |
2024-06-21 | CVE-2024-37198 | Blazethemes | Cross-Site Request Forgery (CSRF) vulnerability in Blazethemes Digital Newspaper Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper. This issue affects Digital Newspaper: from n/a through 1.1.5. | 8.8 |
2024-06-21 | CVE-2024-37212 | Ali2Woo | Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo 3.3.5 Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite. This issue affects Ali2Woo Lite: from n/a through 3.3.5. | 8.8 |
2024-06-21 | CVE-2024-37227 | Tribulant | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.7. | 8.8 |
2024-06-21 | CVE-2024-37230 | Rarathemes | Cross-Site Request Forgery (CSRF) vulnerability in Rarathemes Book Landing Page Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page. This issue affects Book Landing Page: from n/a through 1.2.3. | 8.8 |
2024-06-21 | CVE-2024-35770 | Davekiss | Cross-Site Request Forgery (CSRF) vulnerability in Davekiss Vimeography Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin. This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1. | 8.8 |
2024-06-21 | CVE-2024-35771 | Presscustomizr | Cross-Site Request Forgery (CSRF) vulnerability in Presscustomizr Customizr Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr. This issue affects Customizr: from n/a through 4.4.21. | 8.8 |
2024-06-21 | CVE-2024-35772 | Presscustomizr | Cross-Site Request Forgery (CSRF) vulnerability in Presscustomizr Hueman Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman. This issue affects Hueman: from n/a through 3.7.24. | 8.8 |
2024-06-21 | CVE-2024-5455 | Posimyth | Unspecified vulnerability in Posimyth the Plus Addons for Elementor The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. | 8.8 |
2024-06-21 | CVE-2024-5503 | Codevibrant | Unspecified vulnerability in Codevibrant WP Blog Post Layouts The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. | 8.8 |
2024-06-21 | CVE-2024-6215 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0 A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. | 8.8 |
2024-06-21 | CVE-2024-6216 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. | 8.8 |
2024-06-21 | CVE-2024-6217 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0 A vulnerability classified as critical was found in SourceCodester Food Ordering Management System 1.0. | 8.8 |
2024-06-21 | CVE-2024-6214 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0 A vulnerability was found in SourceCodester Food Ordering Management System 1.0. | 8.8 |
2024-06-20 | CVE-2024-37532 | IBM | Improper Verification of Cryptographic Signature vulnerability in IBM Websphere Application Server 8.5.0.0/9.0.0.0 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. | 8.8 |
2024-06-20 | CVE-2024-6185 | Ruijie | OS Command Injection vulnerability in Ruijie Rg-Uac Firmware 1.0 A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. | 8.8 |
2024-06-20 | CVE-2024-5605 | Davidlingren | SQL Injection vulnerability in Davidlingren Media Library Assistant The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-06-20 | CVE-2024-3561 | Custom Field Suite Project | SQL Injection vulnerability in Custom Field Suite Project Custom Field Suite The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-06-20 | CVE-2024-3562 | Custom Field Suite Project | Code Injection vulnerability in Custom Field Suite Project Custom Field Suite The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. | 8.8 |
2024-06-20 | CVE-2024-4742 | Kainelabs | SQL Injection vulnerability in Kainelabs Youzify The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-06-20 | CVE-2024-6100 | | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
2024-06-20 | CVE-2024-6101 | | Unspecified vulnerability in Google Chrome Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 8.8 |
2024-06-20 | CVE-2024-6102 | | Out-of-bounds Write vulnerability in Google Chrome Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-06-20 | CVE-2024-6103 | | Use After Free vulnerability in Google Chrome Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-06-19 | CVE-2023-36516 | Thimpress | Missing Authorization vulnerability in Thimpress Learnpress Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.3. | 8.8 |
2024-06-19 | CVE-2023-38393 | Ninjaforms | Missing Authorization vulnerability in Ninjaforms Ninja Forms Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25. | 8.8 |
2024-06-19 | CVE-2023-38394 | Artbees | Missing Authorization vulnerability in Artbees Jupiter X Core Missing Authorization vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from 3.0.0 through 3.3.0. | 8.8 |
2024-06-19 | CVE-2023-39312 | Theme Fusion | Missing Authorization vulnerability in Theme-Fusion Avada Missing Authorization vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1. | 8.8 |
2024-06-19 | CVE-2024-34444 | Themepunch | Missing Authorization vulnerability in Themepunch Slider Revolution Missing Authorization vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a before 6.7.0. | 8.8 |
2024-06-19 | CVE-2023-36676 | Brainstormforce | Missing Authorization vulnerability in Brainstormforce Spectra Missing Authorization vulnerability in Brainstorm Force Spectra. This issue affects Spectra: from n/a through 2.6.6. | 8.8 |
2024-06-19 | CVE-2023-44148 | Brainstormforce | Missing Authorization vulnerability in Brainstormforce Astra Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit. This issue affects Astra Bulk Edit: from n/a through 1.2.7. | 8.8 |
2024-06-19 | CVE-2023-44151 | Brainstormforce | Missing Authorization vulnerability in Brainstormforce Pre-Publish Checklist Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist. This issue affects Pre-Publish Checklist: from n/a through 1.1.1. | 8.8 |
2024-06-19 | CVE-2023-46146 | Themify | Missing Authorization vulnerability in Themify Ultra Missing Authorization vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | 8.8 |
2024-06-19 | CVE-2023-46148 | Themify | Missing Authorization vulnerability in Themify Ultra Missing Authorization vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | 8.8 |
2024-06-19 | CVE-2024-6132 | | The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. | 8.8 |
2024-06-19 | CVE-2024-2381 | Ali2Woo | Unrestricted Upload of File with Dangerous Type vulnerability in Ali2Woo Aliexpress Dropshipping With Alinext The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. | 8.8 |
2024-06-19 | CVE-2024-5649 | Webhuntinfotech | Deserialization of Untrusted Data vulnerability in Webhuntinfotech Universal Slider The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. | 8.8 |
2024-06-19 | CVE-2024-5724 | Webhuntinfotech | Deserialization of Untrusted Data vulnerability in Webhuntinfotech Photo Video Gallery Master The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details' parameter. | 8.8 |
2024-06-19 | CVE-2024-6142 | Actiontec | Classic Buffer Overflow vulnerability in Actiontec Wcb6200Q Firmware 1.2L.03.5 Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. | 8.8 |
2024-06-19 | CVE-2024-6143 | Actiontec | Classic Buffer Overflow vulnerability in Actiontec Wcb6200Q Firmware 1.2L.03.5 Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. | 8.8 |
2024-06-19 | CVE-2024-6144 | Actiontec | Out-of-bounds Write vulnerability in Actiontec Wcb6200Q Firmware 1.2L.03.5 Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 8.8 |
2024-06-19 | CVE-2024-6145 | Actiontec | Use of Externally-Controlled Format String vulnerability in Actiontec Wcb6200Q Firmware 1.2L.03.5 Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. | 8.8 |
2024-06-19 | CVE-2024-6146 | Actiontec | Out-of-bounds Write vulnerability in Actiontec Wcb6200Q Firmware 1.2L.03.5 Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 8.8 |
2024-06-18 | CVE-2024-38276 | Fedoraproject Moodle | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Incorrect CSRF token checks resulted in multiple CSRF risks. | 8.8 |
2024-06-18 | CVE-2024-37802 | Health Care Hospital Management System Project | SQL Injection vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. | 8.8 |
2024-06-18 | CVE-2024-38347 | Health Care Hospital Management System Project | SQL Injection vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. | 8.8 |
2024-06-18 | CVE-2024-38348 | Health Care Hospital Management System Project | SQL Injection vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. | 8.8 |
2024-06-18 | CVE-2024-6109 | Angeljudesuarez | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0 A vulnerability was found in itsourcecode Tailoring Management System 1.0. | 8.8 |
2024-06-17 | CVE-2024-6045 | | Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. | 8.8 |
2024-06-22 | CVE-2024-21514 | Opencart | SQL Injection vulnerability in Opencart 3.0.3.9 This affects versions of the package opencart/opencart from 0.0.0. | 8.1 |
2024-06-18 | CVE-2024-38506 | Jetbrains | Missing Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows | 8.1 |
2024-06-18 | CVE-2023-5527 | Businessdirectoryplugin | Improper Neutralization of Formula Elements in a CSV File vulnerability in Businessdirectoryplugin Business Directory The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. | 8.0 |
2024-06-21 | CVE-2024-36477 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. | 7.8 |
2024-06-21 | CVE-2024-39277 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask [64][1]' Use cpumask_of_node() in place when binding a kernel thread to a cpuset of a particular node. Note that the provided node id is checked inside map_benchmark_ioctl(). It's just a NUMA_NO_NODE case which is not handled properly later. Found by Linux Verification Center (linuxtesting.org). | 7.8 |
2024-06-21 | CVE-2024-38627 | Linux | Double Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free. | 7.8 |
2024-06-21 | CVE-2024-38630 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. | 7.8 |
2024-06-21 | CVE-2024-38631 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iio: adc: PAC1934: fix accessing out of bounds array index Fix accessing out of bounds array index for average current and voltage measurements. | 7.8 |
2024-06-20 | CVE-2024-6147 | HP | Link Following vulnerability in HP Poly Plantronics HUB 3.24.2 Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. | 7.8 |
2024-06-20 | CVE-2024-6153 | Parallels | Unspecified vulnerability in Parallels Desktop Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. | 7.8 |
2024-06-20 | CVE-2021-4439 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->task = kthread_run(cmtp_session, session, "kcmtpd_ctr_%d", session->num); During this process, the kernel thread would call detach_capi_ctr() to detach a register controller. | 7.8 |
2024-06-20 | CVE-2022-48726 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline] BUG: KASAN: use-after-free in ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579 Currently the xarray search can touch a concurrently freeing mc as the xa_for_each() is not surrounded by any lock. | 7.8 |
2024-06-20 | CVE-2022-48732 | Linux | Off-by-one Error vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS rejects access to the last byte. | 7.8 |
2024-06-20 | CVE-2022-48733 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. | 7.8 |
2024-06-20 | CVE-2022-48735 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix UAF of leds class devs at unbinding The LED class devices that are created by HD-audio codec drivers are registered via devm_led_classdev_register() and associated with the HD-audio codec device. | 7.8 |
2024-06-20 | CVE-2022-48740 | Linux | Double Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller functions, resulting in NULL pointer deref. | 7.8 |
2024-06-20 | CVE-2022-48742 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one unrelated syzbot bug, I found the replay logic in __rtnl_newlink() to potentially trigger use-after-free. It is better to clear master_dev and m_ops inside the loop, in case we have to replay it. | 7.8 |
2024-06-19 | CVE-2021-47576 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. | 7.8 |
2024-06-19 | CVE-2021-47589 | Linux | Double Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. | 7.8 |
2024-06-19 | CVE-2021-47596 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function first uninstalls the client instance, and then uninstalls the acceleration engine device. | 7.8 |
2024-06-19 | CVE-2021-47598 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free. | 7.8 |
2024-06-19 | CVE-2021-47600 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). | 7.8 |
2024-06-19 | CVE-2021-47614 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a use-after-free in add_pble_prm When irdma_hmc_sd_one fails, 'chunk' is freed while it's still on the PBLE info list. Add the chunk entry to the PBLE info list only after successful setting of the SD in irdma_hmc_sd_one. | 7.8 |
2024-06-19 | CVE-2021-47616 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA: Fix use-after-free in rxe_queue_cleanup On error handling path in rxe_qp_from_init() qp->sq.queue is freed and then rxe_create_qp() will drop last reference to this object. | 7.8 |
2024-06-19 | CVE-2024-36979 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. | 7.8 |
2024-06-19 | CVE-2024-38545 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. | 7.8 |
2024-06-19 | CVE-2024-38552 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. | 7.8 |
2024-06-19 | CVE-2024-38555 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. | 7.8 |
2024-06-19 | CVE-2024-38562 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used, request->n_channels must be set. Additionally, address calculations for memory after the "channels" array need to be calculated from the allocation base ("request") rather than via the first "out of bounds" index of "channels", otherwise run-time bounds checking will throw a warning. | 7.8 |
2024-06-19 | CVE-2024-38568 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd [1], but the driver does not check whether the array index is out of bounds when writing data to the event_group array. | 7.8 |
2024-06-19 | CVE-2024-38569 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd [1], but the driver does not check whether the array index is out of bounds when writing data to the event_group array. | 7.8 |
2024-06-19 | CVE-2024-38570 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there are still locks in that lockspace, DLM will unlock those locks automatically. | 7.8 |
2024-06-19 | CVE-2024-38577 | Linux | Classic Buffer Overflow vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. | 7.8 |
2024-06-19 | CVE-2024-38581 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the random use-after-free issue. v2: move to amdgpu_mes.c | 7.8 |
2024-06-19 | CVE-2024-38583 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. | 7.8 |
2024-06-19 | CVE-2024-38588 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug. The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1: register_kprobes() { check_kprobe_address_safe() { arch_check_ftrace_location() { ftrace_location() { lookup_rec() // USE!; CPU2: delete_module() { ftrace_release_mod() // Free! To fix this issue: 1. | 7.8 |
2024-06-19 | CVE-2024-36978 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. | 7.8 |
2024-06-17 | CVE-2024-6080 | Intelbras | Unquoted Search Path or Element vulnerability in Intelbras Incontrol 2.21.56 A vulnerability classified as critical was found in Intelbras InControl 2.21.56. | 7.8 |
2024-06-19 | CVE-2024-38329 | IBM | Incorrect Authorization vulnerability in IBM Storage Protect for Virtual Environments IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. | 7.7 |
2024-06-21 | CVE-2024-35537 | Tvsmotor | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Tvsmotor TVS Connect 4.6.0/5.0.0 TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption. | 7.5 |
2024-06-21 | CVE-2022-44587 | Melapress | Information Exposure Through Log Files vulnerability in Melapress WP 2FA Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP 2FA: from n/a through 2.6.3. | 7.5 |
2024-06-21 | CVE-2024-6239 | Freedesktop Redhat | A flaw was found in the Poppler's Pdfinfo utility. | 7.5 |
2024-06-21 | CVE-2024-35776 | Exeebit | Unspecified vulnerability in Exeebit PHPinfo-Wp Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP. This issue affects phpinfo() WP: from n/a through 5.0. | 7.5 |
2024-06-21 | CVE-2024-5059 | Awplife | Unspecified vulnerability in Awplife Event Monster Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking. This issue affects Event Management Tickets Booking: from n/a through 1.4.0. | 7.5 |
2024-06-21 | CVE-2024-6027 | Themify | SQL Injection vulnerability in Themify Product Filter The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-06-20 | CVE-2024-29012 | Sonicwall | Out-of-bounds Write vulnerability in Sonicwall Sonicos Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. | 7.5 |
2024-06-19 | CVE-2023-48759 | Crocoblock | Missing Authorization vulnerability in Crocoblock Jetelements Missing Authorization vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13. | 7.5 |
2024-06-19 | CVE-2024-5574 | | The WP Magazine Modules Lite plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'blockLayout' parameter. | 7.5 |
2024-06-18 | CVE-2024-38505 | Jetbrains | Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | 7.5 |
2024-06-22 | CVE-2024-21518 | Opencart | Path Traversal vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 7.2 |
2024-06-22 | CVE-2024-21519 | Opencart | Unspecified vulnerability in Opencart 4.0.0.0/4.0.2.2 This affects versions of the package opencart/opencart from 4.0.0.0. | 7.2 |
2024-06-21 | CVE-2024-35767 | Squeeze Project | Unrestricted Upload of File with Dangerous Type vulnerability in Squeeze Project Squeeze Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection. This issue affects Squeeze: from n/a through 1.4. | 7.2 |
2024-06-21 | CVE-2024-38381 | Linux | Use of Uninitialized Resource vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. | 7.1 |
2024-06-19 | CVE-2021-47604 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: vduse: check that offset is within bounds in get_config() This condition checks "len" but it does not check "offset" and that could result in an out of bounds read if "offset > dev->config_size". The problem is that since both variables are unsigned the "dev->config_size - offset" subtraction would result in a very high unsigned value. I think these checks might not be necessary because "len" and "offset" are supposed to already have been validated using the vhost_vdpa_config_validate() function. | 7.1 |
2024-06-19 | CVE-2024-38538 | Linux | Use of Uninitialized Resource vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. | 7.1 |
2024-06-19 | CVE-2024-38561 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: kunit: Fix kthread reference There is a race condition when a kthread finishes after the deadline and before the call to kthread_stop(), which may lead to use after free. | 7.0 |
196 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-06-20 | CVE-2024-6154 | Parallels | Out-of-bounds Write vulnerability in Parallels Desktop Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. | 6.7 |
2024-06-22 | CVE-2024-6120 | Wpneuron | Missing Authorization vulnerability in Wpneuron Sparkle Demo Importer The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. | 6.5 |
2024-06-21 | CVE-2024-35781 | Back2Nature | Path Traversal vulnerability in Back2Nature Word Balloon Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion. This issue affects Word Balloon: from n/a through 4.21.1. | 6.5 |
2024-06-21 | CVE-2024-4382 | Wielebenwir | Cross-Site Request Forgery (CSRF) vulnerability in Wielebenwir Commonsbooking The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks | 6.5 |
2024-06-21 | CVE-2024-1639 | Wpexperts | Incorrect Authorization vulnerability in Wpexperts License Manager for Woocommerce The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. | 6.5 |
2024-06-20 | CVE-2024-29013 | Sonicwall | Out-of-bounds Write vulnerability in Sonicwall Sonicos Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. | 6.5 |
2024-06-20 | CVE-2024-4565 | Advancedcustomfields | Unspecified vulnerability in Advancedcustomfields Advanced Custom Fields The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access | 6.5 |
2024-06-20 | CVE-2024-4390 | Depicter | Improper Privilege Management vulnerability in Depicter The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. | 6.5 |
2024-06-20 | CVE-2024-5213 | Mintplexlabs | Exposure of Sensitive Information Through Metadata vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0/1.5.3 In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and after account creations (`POST /api/admin/users/new`). | 6.5 |
2024-06-20 | CVE-2023-3204 | Extendthemes | Missing Authorization vulnerability in Extendthemes Materialis The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. | 6.5 |
2024-06-19 | CVE-2023-41805 | Brainstormforce | Missing Authorization vulnerability in Brainstormforce Starter Templates Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites. This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5. | 6.5 |
2024-06-18 | CVE-2024-1634 | Startbooking | Missing Authorization vulnerability in Startbooking Scheduling Plugin - Online Booking The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. | 6.5 |
2024-06-17 | CVE-2024-6044 | | Certain models of D-Link wireless routers have a path traversal vulnerability. | 6.5 |
2024-06-20 | CVE-2024-5156 | | The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-20 | CVE-2024-5036 | | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-19 | CVE-2024-0383 | | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [wprm-recipe-instructions] and [wprm-recipe-ingredients] shortcodes in all versions up to, and including, 9.1.0 due to insufficient restrictions on the 'group_tag' attribute. | 6.4 |
2024-06-19 | CVE-2024-4632 | | The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-19 | CVE-2024-3894 | | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an Image Title in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-19 | CVE-2023-6692 | | The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tab anchor metabox in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-19 | CVE-2024-3984 | | The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocial_reviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-19 | CVE-2024-4623 | | The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagination_style’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-19 | CVE-2024-4663 | | The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-19 | CVE-2024-5768 | | The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimo_update_provider' function in all versions up to, and including, 1.0.2. | 6.4 |
2024-06-18 | CVE-2024-5970 | | The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-22 | CVE-2024-5596 | | The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. | 6.3 |
2024-06-19 | CVE-2023-25697 | Gamipress | Cross-Site Request Forgery (CSRF) vulnerability in Gamipress Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through 2.5.6. | 6.3 |
2024-06-19 | CVE-2023-48761 | Crocoblock | Missing Authorization vulnerability in Crocoblock Jetelements Missing Authorization vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13. | 6.3 |
2024-06-19 | CVE-2024-4450 | Ali2Woo | Missing Authorization vulnerability in Ali2Woo Aliexpress Dropshipping With Alinext The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. | 6.3 |
2024-06-23 | CVE-2024-6273 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Clinic Queuing System 1.0 A vulnerability was found in SourceCodester Clinic Queuing System 1.0. | 6.1 |
2024-06-22 | CVE-2024-6251 | Playsms | Cross-site Scripting vulnerability in Playsms 1.4.3 A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. | 6.1 |
2024-06-22 | CVE-2024-6252 | Skycaiji | Cross-site Scripting vulnerability in Skycaiji A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. | 6.1 |
2024-06-22 | CVE-2024-21517 | Opencart | Cross-site Scripting vulnerability in Opencart 4.0.0.0/4.0.2.2 This affects versions of the package opencart/opencart from 4.0.0.0. | 6.1 |
2024-06-22 | CVE-2024-5791 | Vcita | Cross-site Scripting vulnerability in Vcita Online Booking & Scheduling Calendar for Wordpress BY Vcita The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input sanitization and output escaping. | 6.1 |
2024-06-21 | CVE-2024-35766 | WP Pizza | Cross-site Scripting vulnerability in Wp-Pizza Wppizza Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS. This issue affects WPPizza: from n/a through 3.18.13. | 6.1 |
2024-06-21 | CVE-2024-5859 | Vcita | Cross-site Scripting vulnerability in Vcita Online Booking & Scheduling Calendar for Wordpress BY Vcita The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-06-21 | CVE-2024-4616 | Devnath Verma | Cross-site Scripting vulnerability in Devnath Verma Widget Bundle 2.0.0 The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users | 6.1 |
2024-06-21 | CVE-2024-5344 | Posimyth | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. | 6.1 |
2024-06-21 | CVE-2024-6212 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Simple Student Attendance System 1.0 A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. | 6.1 |
2024-06-20 | CVE-2024-6183 | EZ Suite | Cross-site Scripting vulnerability in Ez-Suite Ez-Partner 5 A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. | 6.1 |
2024-06-20 | CVE-2024-3597 | Myrecorp | Open Redirect vulnerability in Myrecorp Export WP Page to Static Html/Css 2.1.9 The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. | 6.1 |
2024-06-20 | CVE-2024-6177 | LG | Cross-site Scripting vulnerability in LG Supersign CMS Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. | 6.1 |
2024-06-20 | CVE-2024-6178 | LG | Cross-site Scripting vulnerability in LG Supersign CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. | 6.1 |
2024-06-20 | CVE-2024-6179 | LG | Cross-site Scripting vulnerability in LG Supersign CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. | 6.1 |
2024-06-18 | CVE-2024-37800 | Health Care Hospital Management System Project | Cross-site Scripting vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php. | 6.1 |
2024-06-17 | CVE-2024-6082 | Phpvibe | Cross-site Scripting vulnerability in PHPvibe 11.0.46 A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. | 6.1 |
2024-06-17 | CVE-2024-6058 | Labvantage | Cross-site Scripting vulnerability in Labvantage Laboratory Information Management System 2017 A vulnerability classified as problematic has been found in LabVantage LIMS 2017. | 6.1 |
2024-06-17 | CVE-2024-37619 | Strongshop | Cross-site Scripting vulnerability in Strongshop 1.0 StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php. | 6.1 |
2024-06-17 | CVE-2024-37624 | Rockoa | Cross-site Scripting vulnerability in Rockoa Xinhu 2.6.3 Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. | 6.1 |
2024-06-17 | CVE-2024-37625 | Zhimengzhel | Cross-site Scripting vulnerability in Zhimengzhel Ibarn 1.5 zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php. | 6.1 |
2024-06-19 | CVE-2024-4787 | | The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending in versions up to, and including, 3.1.75. | 5.8 |
2024-06-21 | CVE-2024-36288 | Linux | Infinite Loop vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. | 5.5 |
2024-06-21 | CVE-2024-36481 | Linux | Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parse_btf_field() btf_find_struct_member() might return NULL or an error via the ERR_PTR() macro. | 5.5 |
2024-06-21 | CVE-2024-38780 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite sync_print_obj() is called from sync_debugfs_show(), lockdep complains inconsistent lock state warning. Use plain spin_{lock,unlock}() for sync_print_obj(), for sync_debugfs_show() is already using spin_{lock,unlock}_irq(). | 5.5 |
2024-06-21 | CVE-2024-36270 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [..] RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62 Call Trace: nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168 __in_dev_get_rcu() can return NULL, so check for this. | 5.5 |
2024-06-21 | CVE-2024-36281 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. | 5.5 |
2024-06-21 | CVE-2024-36478 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/config/nullb/nullb0 while true; do echo 1 > submit_queues; echo 4 > submit_queues; done & while true; do echo 1 > power; echo 0 > power; done Test result: BUG: kernel NULL pointer dereference, address: 0000000000000148 Oops: 0000 [#1] PREEMPT SMP RIP: 0010:__lock_acquire+0x41d/0x28f0 Call Trace: <TASK> lock_acquire+0x121/0x450 down_write+0x5f/0x1d0 simple_recursive_removal+0x12f/0x5c0 blk_mq_debugfs_unregister_hctxs+0x7c/0x100 blk_mq_update_nr_hw_queues+0x4a3/0x720 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_submit_queues_store+0x79/0xf0 [null_blk] configfs_write_iter+0x119/0x1e0 vfs_write+0x326/0x730 ksys_write+0x74/0x150 This is because del_gendisk() can run concurrently with blk_mq_update_nr_hw_queues(): nullb_device_power_store nullb_apply_submit_queues null_del_dev del_gendisk nullb_update_nr_hw_queues if (!dev->nullb) // still set while gendisk is deleted return 0 blk_mq_update_nr_hw_queues dev->nullb = NULL Fix this problem by reusing the global mutex to protect nullb_device_power_store() and nullb_update_nr_hw_queues() from configfs. | 5.5 |
2024-06-21 | CVE-2024-36489 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}. CPU0 CPU1 ----- ----- // In tls_init() // In tls_ctx_create() ctx = kzalloc() ctx->sk_proto = READ_ONCE(sk->sk_prot) -(1) // In update_sk_prot() WRITE_ONCE(sk->sk_prot, tls_prots) -(2) // In sock_common_setsockopt() READ_ONCE(sk->sk_prot)->setsockopt() // In tls_{setsockopt,getsockopt}() ctx->sk_proto->setsockopt() -(3) In the above scenario, when (1) and (2) are reordered, (3) can observe the NULL value of ctx->sk_proto, causing NULL dereference. To fix it, we rely on rcu_assign_pointer() which implies the release barrier semantic. | 5.5 |
2024-06-21 | CVE-2024-38390 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->pdev is only assigned in: a6xx_gpu_init() |_ adreno_gpu_init |_ msm_gpu_init() Instead of relying on handwavy null checks down the cleanup chain, explicitly de-allocate the LLC data and free a6xx_gpu instead. Patchwork: https://patchwork.freedesktop.org/patch/588919/ | 5.5 |
2024-06-21 | CVE-2024-38632 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix potential memory leak in vfio_intx_enable() If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak. | 5.5 |
2024-06-21 | CVE-2024-38633 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. | 5.5 |
2024-06-20 | CVE-2022-48724 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node unconditionally allocated"). | 5.5 |
2024-06-20 | CVE-2022-48725 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the error path. | 5.5 |
2024-06-20 | CVE-2022-48728 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix AIP early init panic An early failure in hfi1_ipoib_setup_rn() can lead to the following panic: BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0 PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI Workqueue: events work_for_cpu_fn RIP: 0010:try_to_grab_pending+0x2b/0x140 Call Trace: __cancel_work_timer+0x42/0x190 ? dev_printk_emit+0x4e/0x70 iowait_cancel_work+0x15/0x30 [hfi1] hfi1_ipoib_txreq_deinit+0x5a/0x220 [hfi1] ? dev_err+0x6c/0x90 hfi1_ipoib_netdev_dtor+0x15/0x30 [hfi1] hfi1_ipoib_setup_rn+0x10e/0x150 [hfi1] rdma_init_netdev+0x5a/0x80 [ib_core] ? hfi1_ipoib_free_rdma_netdev+0x20/0x20 [hfi1] ipoib_intf_init+0x6c/0x350 [ib_ipoib] ipoib_intf_alloc+0x5c/0xc0 [ib_ipoib] ipoib_add_one+0xbe/0x300 [ib_ipoib] add_client_context+0x12c/0x1a0 [ib_core] enable_device_and_get+0xdc/0x1d0 [ib_core] ib_register_device+0x572/0x6b0 [ib_core] rvt_register_device+0x11b/0x220 [rdmavt] hfi1_register_ib_device+0x6b4/0x770 [hfi1] do_init_one.isra.20+0x3e3/0x680 [hfi1] local_pci_probe+0x41/0x90 work_for_cpu_fn+0x16/0x20 process_one_work+0x1a7/0x360 ? create_worker+0x1a0/0x1a0 worker_thread+0x1cf/0x390 ? create_worker+0x1a0/0x1a0 kthread+0x116/0x130 ? kthread_flush_work_fn+0x10/0x10 ret_from_fork+0x1f/0x40 The panic happens in hfi1_ipoib_txreq_deinit() because there is a NULL deref when hfi1_ipoib_netdev_dtor() is called in this error case. hfi1_ipoib_txreq_init() and hfi1_ipoib_rxq_init() are self unwinding so fix by adjusting the error paths accordingly. Other changes: - hfi1_ipoib_free_rdma_netdev() is deleted including the free_netdev() since the netdev core code deletes calls free_netdev() - The switch to the accelerated entrances is moved to the success path. | 5.5 |
2024-06-20 | CVE-2022-48729 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix panic with larger ipoib send_queue_size When the ipoib send_queue_size is increased from the default the following panic happens: RIP: 0010:hfi1_ipoib_drain_tx_ring+0x45/0xf0 [hfi1] Call Trace: <TASK> hfi1_ipoib_napi_tx_disable+0x45/0x60 [hfi1] hfi1_ipoib_dev_stop+0x18/0x80 [hfi1] ipoib_ib_dev_stop+0x1d/0x40 [ib_ipoib] ipoib_stop+0x48/0xc0 [ib_ipoib] __dev_close_many+0x9e/0x110 __dev_change_flags+0xd9/0x210 dev_change_flags+0x21/0x60 do_setlink+0x31c/0x10f0 ? __nla_validate_parse+0x12d/0x1a0 ? __nla_parse+0x21/0x30 ? inet6_validate_link_af+0x5e/0xf0 ? cpumask_next+0x1f/0x20 ? __snmp6_fill_stats64.isra.53+0xbb/0x140 ? __nla_validate_parse+0x47/0x1a0 __rtnl_newlink+0x530/0x910 ? pskb_expand_head+0x73/0x300 ? __kmalloc_node_track_caller+0x109/0x280 ? __nla_put+0xc/0x20 ? cpumask_next_and+0x20/0x30 ? update_sd_lb_stats.constprop.144+0xd3/0x820 ? _raw_spin_unlock_irqrestore+0x25/0x37 ? __wake_up_common_lock+0x87/0xc0 ? kmem_cache_alloc_trace+0x3d/0x3d0 rtnl_newlink+0x43/0x60 The issue happens when the shift that should have been a function of the txq item size mistakenly used the ring size. Fix by using the item size. | 5.5 |
2024-06-20 | CVE-2022-48734 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between quota disable and qgroup rescan worker Quota disable ioctl starts a transaction before waiting for the qgroup rescan worker completes. | 5.5 |
2024-06-20 | CVE-2022-48741 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ovl: fix NULL pointer dereference in copy up warning This patch is fixing a NULL pointer dereference to get a recently introduced warning message working. | 5.5 |
2024-06-20 | CVE-2022-48743 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUG_ON() triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such length underflows are seen because of inconsistencies in the hardware descriptors. | 5.5 |
2024-06-20 | CVE-2022-48749 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc The function performs a check on the "ctx" input parameter, however, it is used before the check. Initialize the "base" variable after the sanity check to avoid a possible NULL pointer dereference. Addresses-Coverity-ID: 1493866 ("Null pointer dereference") | 5.5 |
2024-06-20 | CVE-2022-48750 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Paweł Marciniak reports the following crash, observed when clearing the chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 3 PID: 4815 Comm: bash Tainted: G S 5.16.2-200.fc35.x86_64 #1 Hardware name: To Be Filled By O.E.M. | 5.5 |
2024-06-20 | CVE-2022-48753 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: block: fix memory leak in disk_register_independent_access_ranges kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add() If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Fix this issue by adding kobject_put(). Callback function blk_ia_ranges_sysfs_release() in kobject_put() can handle the pointer "iars" properly. | 5.5 |
2024-06-20 | CVE-2022-48756 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable The function performs a check on the "phy" input parameter, however, it is used before the check. Initialize the "dev" variable after the sanity check to avoid a possible NULL pointer dereference. Addresses-Coverity-ID: 1493860 ("Null pointer dereference") | 5.5 |
2024-06-20 | CVE-2022-48768 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: tracing/histogram: Fix a potential memory leak for kstrdup() kfree() is missing on an error path to free the memory allocated by kstrdup(): p = param = kstrdup(data->params[i], GFP_KERNEL); So it is better to free it via kfree(p). | 5.5 |
2024-06-20 | CVE-2021-47617 | Linux | Infinite Loop vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after turning off slot power. | 5.5 |
2024-06-20 | CVE-2021-47619 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: i40e: Fix queues reservation for XDP When XDP was configured on a system with large number of CPUs and X722 NIC there was a call trace with NULL pointer dereference. i40e 0000:87:00.0: failed to get tracking for 256 queues for VSI 0 err -12 i40e 0000:87:00.0: setup of MAIN VSI failed BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: 0010:i40e_xdp+0xea/0x1b0 [i40e] Call Trace: ? i40e_reconfig_rss_queues+0x130/0x130 [i40e] dev_xdp_install+0x61/0xe0 dev_xdp_attach+0x18a/0x4c0 dev_change_xdp_fd+0x1e6/0x220 do_setlink+0x616/0x1030 ? ahci_port_stop+0x80/0x80 ? ata_qc_issue+0x107/0x1e0 ? lock_timer_base+0x61/0x80 ? __mod_timer+0x202/0x380 rtnl_setlink+0xe5/0x170 ? bpf_lsm_binder_transaction+0x10/0x10 ? security_capable+0x36/0x50 rtnetlink_rcv_msg+0x121/0x350 ? rtnl_calcit.isra.0+0x100/0x100 netlink_rcv_skb+0x50/0xf0 netlink_unicast+0x1d3/0x2a0 netlink_sendmsg+0x22a/0x440 sock_sendmsg+0x5e/0x60 __sys_sendto+0xf0/0x160 ? __sys_getsockname+0x7e/0xc0 ? _copy_from_user+0x3c/0x80 ? __sys_setsockopt+0xc8/0x1a0 __x64_sys_sendto+0x20/0x30 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f83fa7a39e0 This was caused by PF queue pile fragmentation due to flow director VSI queue being placed right after main VSI. Because of this main VSI was not able to resize its queue allocation for XDP resulting in no queues allocated for main VSI when XDP was turned on. Fix this by always allocating last queue in PF queue pile for a flow director VSI. | 5.5 |
2024-06-20 | CVE-2021-47620 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at the end of while num_reports loop, and would fill journal with false positives. | 5.5 |
2024-06-20 | CVE-2022-48718 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should not ever dereference the NULL pointer which drm_atomic_get_new_bridge_state is allowed to return. Assume a fixed format instead. | 5.5 |
2024-06-20 | CVE-2022-48719 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NTF_MANAGED entries [0]: kworker/0:16/14617 is trying to acquire lock: ffffffff8d4dd370 (&tbl->lock){++-.}-{2:2}, at: ___neigh_create+0x9e1/0x2990 net/core/neighbour.c:652 [...] but task is already holding lock: ffffffff8d4dd370 (&tbl->lock){++-.}-{2:2}, at: neigh_managed_work+0x35/0x250 net/core/neighbour.c:1572 The neighbor entry turned to NUD_FAILED state, where __neigh_event_send() triggered an immediate probe as per commit cd28ca0a3dd1 ("neigh: reduce arp latency") via neigh_probe() given table lock was held. One option to fix this situation is to defer the neigh_probe() back to the neigh_timer_handler() similarly as pre cd28ca0a3dd1. | 5.5 |
2024-06-20 | CVE-2022-48723 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: spi: uniphier: fix reference count leak in uniphier_spi_probe() The issue happens in several error paths in uniphier_spi_probe(). When either dma_get_slave_caps() or devm_spi_register_master() returns an error code, the function forgets to decrease the refcount of both `dma_rx` and `dma_tx` objects, which may lead to refcount leaks. Fix it by decrementing the reference count of specific objects in those error paths. | 5.5 |
2024-06-19 | CVE-2021-47578 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. | 5.5 |
2024-06-19 | CVE-2021-47584 | Linux | Divide By Zero vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculation logic assumes that the donor has non-zero after-donation hweight, so the lowest active hweight a donating cgroup can have is 2 so that it can donate 1 while keeping the other 1 for itself. Earlier, we only donated from cgroups with sizable surpluses so this condition was always true. | 5.5 |
2024-06-19 | CVE-2021-47585 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak in __add_inode_ref() Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(), but when the function returns in line 1184 (#4) victim_name allocated by line 1169 (#3) is not freed, which will lead to a memory leak. There is a similar snippet of code in this function as allocating a memory chunk for victim_name in line 1104 (#1) as well as releasing the memory in line 1116 (#2). We should kfree() victim_name when the return value of backref_in_log() is less than zero and before the function returns in line 1184 (#4). 1057 static inline int __add_inode_ref(struct btrfs_trans_handle *trans, 1058 struct btrfs_root *root, 1059 struct btrfs_path *path, 1060 struct btrfs_root *log_root, 1061 struct btrfs_inode *dir, 1062 struct btrfs_inode *inode, 1063 u64 inode_objectid, u64 parent_objectid, 1064 u64 ref_index, char *name, int namelen, 1065 int *search_done) 1066 { 1104 victim_name = kmalloc(victim_name_len, GFP_NOFS); // #1: kmalloc (victim_name-1) 1105 if (!victim_name) 1106 return -ENOMEM; 1112 ret = backref_in_log(log_root, &search_key, 1113 parent_objectid, victim_name, 1114 victim_name_len); 1115 if (ret < 0) { 1116 kfree(victim_name); // #2: kfree (victim_name-1) 1117 return ret; 1118 } else if (!ret) { 1169 victim_name = kmalloc(victim_name_len, GFP_NOFS); // #3: kmalloc (victim_name-2) 1170 if (!victim_name) 1171 return -ENOMEM; 1180 ret = backref_in_log(log_root, &search_key, 1181 parent_objectid, victim_name, 1182 victim_name_len); 1183 if (ret < 0) { 1184 return ret; // #4: missing kfree (victim_name-2) 1185 } else if (!ret) { 1241 return 0; 1242 } | 5.5 |
2024-06-19 | CVE-2021-47590 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in __mptcp_push_pending() __mptcp_push_pending() may call mptcp_flush_join_list() with subflow socket lock held. | 5.5 |
2024-06-19 | CVE-2021-47597 | Linux | Use of Uninitialized Resource vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can be exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. | 5.5 |
2024-06-19 | CVE-2021-47601 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix an IS_ERR() vs NULL bug The __get_free_pages() function does not return error pointers it returns NULL so fix this condition to avoid a NULL dereference. | 5.5 |
2024-06-19 | CVE-2021-47610 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null ptr access msm_ioctl_gem_submit() Fix the below null pointer dereference in msm_ioctl_gem_submit(): 26545.260705: Call trace: 26545.263223: kref_put+0x1c/0x60 26545.266452: msm_ioctl_gem_submit+0x254/0x744 26545.270937: drm_ioctl_kernel+0xa8/0x124 26545.274976: drm_ioctl+0x21c/0x33c 26545.278478: drm_compat_ioctl+0xdc/0xf0 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100 26545.287169: el0_svc_common+0xf8/0x250 26545.291025: do_el0_svc_compat+0x28/0x54 26545.295066: el0_svc_compat+0x10/0x1c 26545.298838: el0_sync_compat_handler+0xa8/0xcc 26545.303403: el0_sync_compat+0x188/0x1c0 26545.307445: Code: d503201f d503201f 52800028 4b0803e8 (b8680008) 26545.318799: Kernel panic - not syncing: Oops: Fatal exception | 5.5 |
2024-06-19 | CVE-2021-47612 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails then nfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014 Workqueue: events netlink_sock_destruct_work RIP: 0010:klist_iter_exit+0x26/0x80 Call Trace: <TASK> class_dev_iter_exit+0x15/0x20 nfc_genl_dump_devices_done+0x3b/0x50 genl_lock_done+0x84/0xd0 netlink_sock_destruct+0x8f/0x270 __sk_destruct+0x64/0x3b0 sk_destruct+0xa8/0xd0 __sk_free+0x2e8/0x3d0 sk_free+0x51/0x90 netlink_sock_destruct_work+0x1c/0x20 process_one_work+0x411/0x710 worker_thread+0x6fd/0xa80 | 5.5 |
2024-06-19 | CVE-2024-38539 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw When running blktests nvme/rdma, the following kmemleak issue will appear. kmemleak: Kernel memory leak detector initialized (mempool available:36041) kmemleak: Automatic memory scanning thread started kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 8 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 17 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 4 new suspected memory leaks (see /sys/kernel/debug/kmemleak) unreferenced object 0xffff88855da53400 (size 192): comm "rdma", pid 10630, jiffies 4296575922 hex dump (first 32 bytes): 37 00 00 00 00 00 00 00 c0 ff ff ff 1f 00 00 00 7............... 10 34 a5 5d 85 88 ff ff 10 34 a5 5d 85 88 ff ff .4.].....4.].... backtrace (crc 47f66721): [<ffffffff911251bd>] kmalloc_trace+0x30d/0x3b0 [<ffffffffc2640ff7>] alloc_gid_entry+0x47/0x380 [ib_core] [<ffffffffc2642206>] add_modify_gid+0x166/0x930 [ib_core] [<ffffffffc2643468>] ib_cache_update.part.0+0x6d8/0x910 [ib_core] [<ffffffffc2644e1a>] ib_cache_setup_one+0x24a/0x350 [ib_core] [<ffffffffc263949e>] ib_register_device+0x9e/0x3a0 [ib_core] [<ffffffffc2a3d389>] 0xffffffffc2a3d389 [<ffffffffc2688cd8>] nldev_newlink+0x2b8/0x520 [ib_core] [<ffffffffc2645fe3>] rdma_nl_rcv_msg+0x2c3/0x520 [ib_core] [<ffffffffc264648c>] rdma_nl_rcv_skb.constprop.0.isra.0+0x23c/0x3a0 [ib_core] [<ffffffff9270e7b5>] netlink_unicast+0x445/0x710 [<ffffffff9270f1f1>] netlink_sendmsg+0x761/0xc40 [<ffffffff9249db29>] __sys_sendto+0x3a9/0x420 [<ffffffff9249dc8c>] __x64_sys_sendto+0xdc/0x1b0 [<ffffffff92db0ad3>] do_syscall_64+0x93/0x180 [<ffffffff92e00126>] entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause: rdma_put_gid_attr is not called when sgid_attr is set to ERR_PTR(-ENODEV). | 5.5 |
2024-06-19 | CVE-2024-38543 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure The kcalloc() in dmirror_device_evict_chunk() will return null if the physical memory has run out. | 5.5 |
2024-06-19 | CVE-2024-38546 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm: vc4: Fix possible null pointer dereference In vc4_hdmi_audio_init() of_get_address() may return NULL which is later dereferenced. | 5.5 |
2024-06-19 | CVE-2024-38547 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binary after the following call chain: sh_css_pipe_load_binaries() |-> load_video_binaries(mycs->yuv_scaler_binary == NULL) | |-> sh_css_pipe_unload_binaries() |-> unload_video_binaries() In unload_video_binaries(), it calls to ia_css_binary_unload with argument &pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the same memory slot as mycs->yuv_scaler_binary. | 5.5 |
2024-06-19 | CVE-2024-38549 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. | 5.5 |
2024-06-19 | CVE-2024-38551 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card drivers are checking whether a DAI link is present and used on a board to assign the correct parameters and this is done by checking the codec DAI names at probe time. If no real codec is present, assign the dummy codec to the DAI link to avoid NULL pointer during string comparison. | 5.5 |
2024-06-19 | CVE-2024-38553 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks There is a deadlock issue found in sungem driver, please refer to the commit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid deadlocks"). | 5.5 |
2024-06-19 | CVE-2024-38554 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of net_device There is a reference count leak issue of the object "net_device" in ax25_dev_device_down(). | 5.5 |
2024-06-19 | CVE-2024-38557 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor load fails, the eswitch error flow unloads all representors, including ethernet representors, where the netdevs get detached and removed from lag bond. | 5.5 |
2024-06-19 | CVE-2024-38563 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Without this commit, reading chip temperature will cause memory leakage. | 5.5 |
2024-06-19 | CVE-2024-38571 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fix null pointer dereference compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c) as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB), which leads to a null pointer dereference (if DEBUG or DYNAMIC_DEBUG is set). Fix this bug by adding a null pointer check. Found by Linux Verification Center (linuxtesting.org) with SVACE. | 5.5 |
2024-06-19 | CVE-2024-38584 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() In the prueth_probe() function, if one of the calls to emac_phy_connect() fails due to of_phy_connect() returning NULL, then the subsequent call to phy_attached_info() will dereference a NULL pointer. Check the return code of emac_phy_connect and fail cleanly if there is an error. | 5.5 |
2024-06-19 | CVE-2024-38590 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error Too much print may lead to a panic in kernel. | 5.5 |
2024-06-19 | CVE-2024-38591 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix deadlock on SRQ async events. xa_lock for SRQ table may be required in AEQ. | 5.5 |
2024-06-19 | CVE-2024-38597 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: eth: sungem: remove .ndo_poll_controller to avoid deadlocks Erhard reports netpoll warnings from sungem: netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398) WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c gem_poll_controller() disables interrupts, which may sleep. We can't sleep in netpoll, it has interrupts disabled completely. Strangely, gem_poll_controller() doesn't even poll the completions, and instead acts as if an interrupt has fired so it just schedules NAPI and exits. | 5.5 |
2024-06-19 | CVE-2024-38598 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size It is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976] CPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1 RIP: 0010:_raw_spin_unlock_irq+0x13/0x30 Call Trace: <TASK> md_bitmap_start_sync+0x6b/0xf0 raid10_sync_request+0x25c/0x1b40 [raid10] md_do_sync+0x64b/0x1020 md_thread+0xa7/0x170 kthread+0xcf/0x100 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1a/0x30 And the detailed process is as follows: md_do_sync j = mddev->resync_min while (j < max_sectors) sectors = raid10_sync_request(mddev, j, &skipped) if (!md_bitmap_start_sync(..., &sync_blocks)) // md_bitmap_start_sync set sync_blocks to 0 return sync_blocks + sectors_skippe; // sectors = 0; j += sectors; // j never change Root cause is that commit 301867b1c168 ("md/raid10: check slab-out-of-bounds in md_bitmap_get_counter") returns early from md_bitmap_get_counter(), without setting returned blocks. Fix this problem by always setting returned blocks from md_bitmap_get_counter(), as it used to be. Note that this patch just fixes the softlockup problem in the kernel; the case that bitmap size doesn't match array size still needs to be fixed. | 5.5 |
2024-06-19 | CVE-2024-38600 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ALSA: Fix deadlocks with kctl removals at disconnection In snd_card_disconnect(), we set card->shutdown flag at the beginning, call callbacks and do sync for card->power_ref_sleep waiters at the end. | 5.5 |
2024-06-19 | CVE-2024-38602 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issues of ax25_dev The ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference count leak issue of the object "ax25_dev". Memory leak issue in ax25_addr_ax25dev(): The reference count of the object "ax25_dev" can be increased multiple times in ax25_addr_ax25dev(). | 5.5 |
2024-06-19 | CVE-2024-38603 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() pci_alloc_irq_vectors() allocates an irq vector. | 5.5 |
2024-06-19 | CVE-2024-38608 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix netif state handling mlx5e_suspend cleans resources only if netif_device_present() returns true. | 5.5 |
2024-06-18 | CVE-2024-36976 | Linux | Improper Locking vulnerability in Linux Kernel 6.9/6.9.1 In the Linux kernel, the following vulnerability has been resolved: Revert "media: v4l2-ctrls: show all owned controls in log_status" This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. This patch introduced a potential deadlock scenario: [Wed May 8 10:02:06 2024] Possible unsafe locking scenario: [Wed May 8 10:02:06 2024] CPU0 CPU1 [Wed May 8 10:02:06 2024] ---- ---- [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); For now just revert. | 5.5 |
2024-06-17 | CVE-2024-6063 | Gpac | NULL Pointer Dereference vulnerability in Gpac 2.5Devrev288G11067Ea92Master A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. | 5.5 |
2024-06-17 | CVE-2024-6064 | Gpac | Use After Free vulnerability in Gpac 2.5Devrev288G11067Ea92Master A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. | 5.5 |
2024-06-17 | CVE-2024-6061 | Gpac | Infinite Loop vulnerability in Gpac 2.5Devrev288G11067Ea92Master A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. | 5.5 |
2024-06-17 | CVE-2024-6062 | Gpac | NULL Pointer Dereference vulnerability in Gpac 2.5Devrev288G11067Ea92Master A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. | 5.5 |
2024-06-22 | CVE-2024-3593 | Sevenspark | Cross-Site Request Forgery (CSRF) vulnerability in Sevenspark Ubermenu 3.8.3 The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. | 5.4 |
2024-06-22 | CVE-2024-5965 | Wildweblab | Cross-site Scripting vulnerability in Wildweblab Mosaic The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-22 | CVE-2024-5966 | Grey Opaque Project | Cross-site Scripting vulnerability in Grey Opaque Project Grey Opaque The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-22 | CVE-2024-2484 | Themeisle | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-22 | CVE-2024-4313 | Fusionplugin | Cross-site Scripting vulnerability in Fusionplugin Table Addons for Elementor The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-22 | CVE-2024-5346 | Uxthemes | Cross-site Scripting vulnerability in Uxthemes Flatsome The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-21 | CVE-2023-39517 | Joplin Project | Cross-site Scripting vulnerability in Joplin Project Joplin Joplin is a free, open source note taking and to-do application. | 5.4 |
2024-06-21 | CVE-2024-37671 | Tessi | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter. | 5.4 |
2024-06-21 | CVE-2024-37672 | Tessi | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter. | 5.4 |
2024-06-21 | CVE-2024-37673 | Tessi | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter. | 5.4 |
2024-06-21 | CVE-2024-37675 | Tessi | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file. | 5.4 |
2024-06-21 | CVE-2022-38055 | Gvectors | Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing. This issue affects wpForo Forum: from n/a through 2.0.9. | 5.4 |
2024-06-21 | CVE-2024-35758 | Themehorse | Cross-site Scripting vulnerability in Themehorse Interface Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Horse Interface allows Stored XSS. This issue affects Interface: from n/a through 3.1.0. | 5.4 |
2024-06-21 | CVE-2024-35761 | Vcita | Cross-site Scripting vulnerability in Vcita Online Booking & Scheduling Calendar for Wordpress BY Vcita Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.0. | 5.4 |
2024-06-21 | CVE-2024-35762 | Cryoutcreations | Cross-site Scripting vulnerability in Cryoutcreations Serious Slider Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cryout Creations Serious Slider allows Stored XSS. This issue affects Serious Slider: from n/a through 1.2.4. | 5.4 |
2024-06-21 | CVE-2024-35763 | Themefreesia | Cross-site Scripting vulnerability in Themefreesia Excellent Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Excellent allows Stored XSS. This issue affects Excellent: from n/a through 1.2.9. | 5.4 |
2024-06-21 | CVE-2024-35764 | Church Admin Project | Cross-site Scripting vulnerability in Church Admin Project Church Admin Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.4.4. | 5.4 |
2024-06-21 | CVE-2024-35774 | Darteweb | Cross-site Scripting vulnerability in Darteweb Dimage 360 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in D’arteweb DImage 360 allows Stored XSS. This issue affects DImage 360: from n/a through 2.0. | 5.4 |
2024-06-21 | CVE-2024-35779 | Livecomposerplugin | Cross-site Scripting vulnerability in Livecomposerplugin Live-Composer-Page-Builder Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS. This issue affects Page Builder: Live Composer: from n/a through 1.5.42. | 5.4 |
2024-06-21 | CVE-2024-5058 | Wpdeveloper | Cross-site Scripting vulnerability in Wpdeveloper Typing Text Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS. This issue affects Typing Text: from n/a through 1.2.5. | 5.4 |
2024-06-21 | CVE-2024-5945 | Kubiq | Cross-site Scripting vulnerability in Kubiq WP SVG Images The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 4.2 due to insufficient input sanitization. | 5.4 |
2024-06-21 | CVE-2024-5191 | Wpmudev | Cross-site Scripting vulnerability in Wpmudev Branda The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-21 | CVE-2024-4377 | Dotonpaper | Cross-site Scripting vulnerability in Dotonpaper DOT on Paper Shortcodes The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2024-06-21 | CVE-2024-4477 | Onetarek | Cross-site Scripting vulnerability in Onetarek WP Logs Book The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting | 5.4 |
2024-06-21 | CVE-2024-5448 | Mohsinrasool | Cross-site Scripting vulnerability in Mohsinrasool Paypal PAY Now, BUY Now, Donation and Cart Buttons Shortcode The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2024-06-20 | CVE-2024-37343 | Absolute | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator using a non-default configuration could click on it while the attacker has a valid tunnel session with the server. | 5.4 |
2024-06-20 | CVE-2024-37345 | Absolute | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Attackers can pass a limited-length script to the administrative UI which is then stored where an administrator can access it. | 5.4 |
2024-06-20 | CVE-2024-6181 | Labvantage | Cross-site Scripting vulnerability in Labvantage Lims 2017 A vulnerability was found in LabVantage LIMS 2017. | 5.4 |
2024-06-20 | CVE-2024-6182 | Labvantage | Cross-site Scripting vulnerability in Labvantage Lims 2017 A vulnerability was found in LabVantage LIMS 2017. | 5.4 |
2024-06-20 | CVE-2024-5686 | Wpzoom | Cross-site Scripting vulnerability in Wpzoom Addons for Elementor The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-20 | CVE-2024-1168 | Seopress | Cross-site Scripting vulnerability in Seopress The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. | 5.4 |
2024-06-20 | CVE-2024-3558 | Custom Field Suite Project | Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[post_title]' parameter in versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-20 | CVE-2024-3627 | Kraftplugins | Missing Authorization vulnerability in Kraftplugins Wheel of Life The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. | 5.4 |
2024-06-20 | CVE-2024-4626 | Crocoblock | Cross-site Scripting vulnerability in Crocoblock Jetwidgets for Elementor The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-19 | CVE-2024-34443 | Themepunch | Cross-site Scripting vulnerability in Themepunch Slider Revolution Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS. This issue affects Slider Revolution: from n/a before 6.7.11. | 5.4 |
2024-06-19 | CVE-2024-1407 | | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. | 5.4 |
2024-06-18 | CVE-2024-37803 | Health Care Hospital Management System Project | Cross-site Scripting vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info page. | 5.4 |
2024-06-18 | CVE-2024-38507 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains HUB In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible | 5.4 |
2024-06-18 | CVE-2024-5533 | Elegantthemes | Cross-site Scripting vulnerability in Elegantthemes Divi 4.23.2 The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-18 | CVE-2024-4094 | Sharethis | Cross-site Scripting vulnerability in Sharethis Simple Share Buttons Adder The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 5.4 |
2024-06-18 | CVE-2024-0845 | Redlettuce | Cross-site Scripting vulnerability in Redlettuce PDF Viewer for Elementor The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-18 | CVE-2024-4375 | Averta | Cross-site Scripting vulnerability in Averta Master Slider 3.2.7/3.5.1 The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. | 5.4 |
2024-06-17 | CVE-2024-5741 | Checkmk | Cross-site Scripting vulnerability in Checkmk Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | 5.4 |
2024-06-21 | CVE-2022-44593 | Solidwp | Insufficient Verification of Data Authenticity vulnerability in Solidwp Solid Security Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS. This issue affects Solid Security: from n/a through 9.3.1. | 5.3 |
2024-06-21 | CVE-2024-3961 | Convertkit | Missing Authorization vulnerability in Convertkit - Email Marketing, Email Newsletter and Landing Pages The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. | 5.3 |
2024-06-21 | CVE-2024-3610 | Wensolutions | Missing Authorization vulnerability in Wensolutions WP Child Theme Generator The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. | 5.3 |
2024-06-19 | CVE-2024-0789 | | The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. | 5.3 |
2024-06-18 | CVE-2024-6128 | SPA Cart | Unspecified vulnerability in Spa-Cart Spa-Cartcms 1.9.0.6 A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. | 5.3 |
2024-06-18 | CVE-2024-38504 | Jetbrains | Missing Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles | 5.3 |
2024-06-18 | CVE-2024-5541 | Vowelweb | Unspecified vulnerability in Vowelweb Ibtana The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. | 5.3 |
2024-06-17 | CVE-2024-6056 | Nasirkhan | Information Exposure Through Discrepancy vulnerability in Nasirkhan Laravel Starter A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. | 5.3 |
2024-06-20 | CVE-2024-37346 | Absolute | Unspecified vulnerability in Absolute Secure Access There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. | 4.9 |
2024-06-19 | CVE-2024-23443 | Elastic | Unspecified vulnerability in Elastic Kibana A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery pack. | 4.9 |
2024-06-23 | CVE-2024-6267 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Service Provider Management System 1.0 A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. | 4.8 |
2024-06-22 | CVE-2024-38379 | Apache | Cross-site Scripting vulnerability in Apache Allura Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue. | 4.8 |
2024-06-21 | CVE-2024-35757 | 5Starplugins | Cross-site Scripting vulnerability in 5Starplugins Easy AGE Verify Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Easy Age Verify allows Stored XSS. This issue affects Easy Age Verify: from n/a through 1.8.2. | 4.8 |
2024-06-21 | CVE-2024-35759 | Wpjobportal | Cross-site Scripting vulnerability in Wpjobportal WP JOB Portal Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS. This issue affects WP Job Portal: from n/a through 2.1.3. | 4.8 |
2024-06-21 | CVE-2024-35760 | Wpjobportal | Cross-site Scripting vulnerability in Wpjobportal WP JOB Portal Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS. This issue affects WP Job Portal: from n/a through 2.1.3. | 4.8 |
2024-06-21 | CVE-2024-35768 | Livecomposerplugin | Cross-site Scripting vulnerability in Livecomposerplugin Live-Composer-Page-Builder Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS. This issue affects Page Builder: Live Composer: from n/a through 1.5.42. | 4.8 |
2024-06-21 | CVE-2024-35769 | Slideshow SE Project | Cross-site Scripting vulnerability in Slideshow SE Project Slideshow SE Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in John West Slideshow SE allows Stored XSS. This issue affects Slideshow SE: from n/a through 2.5.17. | 4.8 |
2024-06-21 | CVE-2024-6225 | TMS Outsource | Cross-site Scripting vulnerability in Tms-Outsource Amelia The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. | 4.8 |
2024-06-21 | CVE-2024-4381 | Wielebenwir | Cross-site Scripting vulnerability in Wielebenwir Commonsbooking The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-06-21 | CVE-2024-4384 | Dmonnier | Cross-site Scripting vulnerability in Dmonnier Cssable Countdown The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-06-21 | CVE-2024-4755 | Erikeng | Cross-site Scripting vulnerability in Erikeng Google CSE 1.0.7 The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-06-21 | CVE-2024-4970 | Devnath Verma | Cross-site Scripting vulnerability in Devnath Verma Widget Bundle The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-06-21 | CVE-2024-5447 | Mohsinrasool | Cross-site Scripting vulnerability in Mohsinrasool Paypal PAY Now, BUY Now, Donation and Cart Buttons Shortcode The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-06-18 | CVE-2024-3276 | Fooplugins | Cross-site Scripting vulnerability in Fooplugins Foobox The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2024-06-18 | CVE-2024-5172 | Expert Invoice Project | Cross-site Scripting vulnerability in Expert Invoice Project Expert Invoice The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-06-17 | CVE-2024-6059 | Ingenico | Cross-site Scripting vulnerability in Ingenico Estate Management 2023 A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. | 4.8 |
2024-06-22 | CVE-2024-21515 | Opencart | Cross-site Scripting vulnerability in Opencart 4.0.0.0/4.0.2.2 This affects versions of the package opencart/opencart from 4.0.0.0. | 4.7 |
2024-06-22 | CVE-2024-21516 | Opencart | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 4.7 |
2024-06-21 | CVE-2024-38662 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don't intend to support this artificial use scenario. | 4.7 |
2024-06-20 | CVE-2024-38082 | Microsoft | Unspecified vulnerability in Microsoft Edge Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.7 |
2024-06-20 | CVE-2024-37350 | Absolute | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. | 4.7 |
2024-06-22 | CVE-2024-4874 | Bricksbuilder | Authorization Bypass Through User-Controlled Key vulnerability in Bricksbuilder Bricks The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. | 4.3 |
2024-06-21 | CVE-2024-5639 | Cozmoslabs | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. | 4.3 |
2024-06-21 | CVE-2024-4474 | Onetarek | Cross-Site Request Forgery (CSRF) vulnerability in Onetarek WP Logs Book The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 |
2024-06-21 | CVE-2024-4475 | Onetarek | Cross-Site Request Forgery (CSRF) vulnerability in Onetarek WP Logs Book The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs via a CSRF attack | 4.3 |
2024-06-21 | CVE-2024-4969 | Devnath Verma | Cross-Site Request Forgery (CSRF) vulnerability in Devnath Verma Widget Bundle The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make a logged in admin enable/disable widgets via a CSRF attack | 4.3 |
2024-06-21 | CVE-2024-1955 | Wprepublic | Missing Authorization vulnerability in Wprepublic Hide Dashboard Notifications The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. | 4.3 |
2024-06-20 | CVE-2024-38093 | Microsoft | Unspecified vulnerability in Microsoft Edge Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 |
2024-06-20 | CVE-2024-3602 | Promolayer | Missing Authorization vulnerability in Promolayer Popup Builder The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. | 4.3 |
2024-06-19 | CVE-2024-4541 | | The Custom Product List Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. | 4.3 |
2024-06-19 | CVE-2024-4873 | | The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. | 4.3 |
2024-06-18 | CVE-2024-5860 | Tickera | Incorrect Authorization vulnerability in Tickera The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. | 4.3 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-06-18 | CVE-2024-6129 | SPA Cart | Information Exposure Through Discrepancy vulnerability in Spa-Cart Spa-Cartcms 1.9.0.6 A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. | 3.7 |
2024-06-20 | CVE-2024-37349 | Absolute | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. | 3.4 |
2024-06-20 | CVE-2024-37351 | Absolute | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. | 3.4 |
2024-06-20 | CVE-2024-37352 | Absolute | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the vulnerable page. | 3.4 |
2024-06-20 | CVE-2024-37344 | Absolute | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. | 3.4 |
2024-06-20 | CVE-2024-37347 | Absolute | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. | 3.4 |
2024-06-20 | CVE-2024-37348 | Absolute | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. | 3.4 |